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Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2.0 Certified copies of the priority documents have been received in Application No. . 

3.Q Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1) [S Notice of References Cited (PTO-892) 

2) O Notice of Draftsperson's Patent Drawing Review (PTO-948) 

3) □ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 

Paper No(s)/Mail Date . 



4) CD Interview Summary (PTO-413) 

Paper No(s)/Mail Date. . 

5) CD Notice of Informal Patent Application (PTO-152) 

6) □ Other: . 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 7-05) 



Office Action Summary 



Part of Paper No./Mail Date 20051220 



Application/Control Number: 09/545,381 
Art Unit: 3623 



Page 2 



DETAILED ACTION 
Continued Examination Under 37 CFR LI 14 

1. A request for continued examination under 37 CFR 1.1 14, including the fee set forth in 
37 CFR 1.17(e), was filed in this application on 1 1/10/2005. Since this application is eligible for 
continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been 
timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 
1.114. Applicant's submission filed on 1 1/10/2005 has been entered. 

2. Claims 1-18 remain pending in this application and are addressed below. 

Allowable Subject Matter 

3. Claims 10-15 are allowed. 

4. Claims 2-5 and 17 are objected to as being dependent upon a rejected base claim, but 
would be allowable if rewritten in independent form including all of the limitations of the base 
claim and any intervening claims. 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1, 6-9, 16, and 18 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Buddie et al. (U.S. 6,912,502). 
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6. As per claim 1, Buddie et al. teaches a method for determining compliance with 
organizational business policies associated with a business risk, said method comprising: 

a. the computer receiving a user selection of a business risk element, said business 
risk element being retrieved from a database coupled to said computer (See figure 7, 
column 10, line 40-column 11, line 5 and lines 14-20 and column 13, lines 24-38, 
wherein the computer receives a compliance officer's selection of a risk 
element/compliance issue, which is retrieved and viewed from the database); 

b. in response to the selection of said business risk element, the computer retrieving 
one or more predetermined control procedures, the control procedures identified by an 
administrator as a means for complying with business policies associated with said 
selected risk element (See column 2, line 60-column 3, line 25 and lines 30-40, column 5, 
lines 15-30 and 44-60, column 11, lines 1-5, column 13, lines 25-40, wherein action plans 
(i.e. control procedures) associated with business policies and compliance issues are 
retrieved in association with the compliance issue. The action plan's purpose is to get the 
compliance issue to comply with policies and regulations); 

c. the computer associating said one or more predetermined control procedures with 
said selected business risk element, said predetermined control procedures being stored in 
said database (See column 5, lines 15-30 and 44-60, column 10, lines 30-55, column 11, 
lines 1-5, and column 13, lines 25-37, wherein the control procedures are stored and 
associated with the risk element); 

d. in response to the retrieving of the control procedures, the computer retrieving a 
weight assigned to each one of said predetermined control procedures, said weight being 
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stored in said database (See figure 4, column 8, lines 40-55, wherein a severity weight is 
assigned, which is retrieved and used to calculate overall risk); 

e. the computer receiving a user selection of a compliance rating for each said 
predetermined control procedure, the rating selected by the user indicating a level of 
compliance with each one of said predetermined control procedures, for each of said 
predetermined control procedures the level of compliance is a subjective rating selected 
from a rigid set of compliance ratings, the same set of compliance ratings is available for 
each of said predetermined control procedures (See figures 4 and 5A, column 7, lines 40- 
65, column 8, lines 32-55, wherein user selected ratings are provided to the control 
procedures, these indicating a level of compliance); and 

f. the computer calculating a compliance score, each compliance score being a 
function of said assigned weights and said compliance rating of said predetermined 
control procedures (See figure 4, column 5, lines 15-30 and 44-60, column 7, lines 30-40, 
column 8, lines 20-55, wherein a compliance score (risk score) is calculated by the 
system as a function of severity (weight) and the ratings ). 

However, Buddie et al. does not expressly disclose that the business risk element is 
selected from a business risk element list which is displayed to the user, said list being retrieved 
from a database coupled to said computer. 

Buddie et al. discloses a database in the system that stores issues and actions plans and 
allows a user to retrieve and view the compliance issues and action plans from the database. 
Buddie et al. further discloses a display that is functionally connected to the input module, 
processor, database, etc. See figure 6. It is old and well known in software to display to a user a 
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list of files or data stored in a database when the user is trying to retrieve a file or data from said 
database, such as occurs when using the open function of a program. Therefore, it would have 
been obvious to one of ordinary skill in the art at the time of the invention to display a business 
risk element list to the user when the user is retrieving an element from the database in order to 
allow the user to more efficiently access the data stored in the database of the system by offering 
the user a more user- friendly display with which to interface the database. 

7. As per claim 6, Buddie et al. discloses associating one or more parameters with each said 
compliance rating (See column 8, lines 20-40, column 1 1, lines 60-67, which discloses 
parameters associated with the compliance rating). 

8. As per claim 7, Buddie et al. teaches wherein said one or more parameters are selected 
from the group comprising organization, business line, process, and region (See column 11, lines 
60-67, which discloses such parameters). 

9. As per claim 8, Buddie et al. teaches the step of the computer sorting said compliance 
scores by said one or more parameters (See column 11, lines 20-35 and line 60-column 12, line 
5, which discloses sorting the scores). 

10. As per claim 9, Buddie et al. teaches the step of the computer displaying said sorted 
compliance scores (See column 11, lines 20-35 and line 60-column 12, line 5 and lines 40-50, 
wherein reports are displayed). 

11. Claim 16 is substantially similar to claim 1 and is rejected using the same art and 
rationale as applied above. Buddie et al. further teaches a database and a processor coupled to 
the database (See figures 6-7, column 12, lines 7-15 and 30-40, and column 13, lines 24-37). 
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12. As per claim 18, Buddie et al. teaches a data processing system further comprising a 
computer display coupled to said processor, said processor further being programmed to display 
said compliance scores on a computer display (See figures 6-7, column 7, lines 40-60, column 

12, lines 1-15 and 30-49, and column 13, lines 24-37). 

Response to Arguments 

13. Applicant's arguments with respect to Buddie et al. (U.S. 6,912,502) have been fully 
considered. 

Applicant's argument that Buddie et al. does not disclose a business risk element list that 
is displayed to the user, the list retrieved from a database (see page 3-4 of applicant's current 
remarks) has been fully considered and is persuasive. Therefore, the 35 USC § 102 rejection has 
been withdrawn. However, upon further consideration, a new grounds of rejection is made in 
view of Buddie et al. under 35 USC § 103. 

Applicant's arguments that Buddie et al. does not teach or suggest (1) retrieving 
predetermined control procedures and (2) a weight assigned to a predetermined control 
procedure or retrieving this weight from the database have been fully considered, but they are not 
persuasive. 

In response to argument (1), Examiner respectfully disagrees. The system of Buddie et 
al. receives a compliance officer's selection of a risk element/compliance issue, which is 
retrieved and viewed from the database. Action plans (i.e. control procedures) are associated 
with the compliance issues and reflect plans to achieve set business policies and regulations. A 
user has the ability to retrieve compliance issues and associated action plans from the data 
storage of the system in order to track and monitor the issues which face the business or 
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company. See column 2, line 60-column 3, line 25 and lines 30-40, column 5, lines 15-30 and 
44-60, column 11, lines 1-5, column 13, lines 25-40. 

In response to argument (2), Examiner respectfully disagrees. In the broadest reasonable 
interpretation of the term, a weight is a factor assigned to a number in a computation to make the 
number's effect on the computation reflect its importance. Buddie et al teaches assigning a 
severity score to an issue and its associated action plans (i.e. a business risk element and control 
procedures) in the computation of risk, the severity score being a value multiplied to reflect the 
severity of issue and action plans outcome (i.e. the degree to which something undesirable, such 
as fines, lawsuits, etc., may occur). The computation of risk is tracked, with the risk score being 
computed at intervals, such as predetermined intervals. All the information is stored in the 
database and retrieved to perform a current calculation. See column 8, lines 20-45, column 10, 
lines 30-55, and column 1 1, lines 1-5. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

Aycock et al. (U.S. 5,675,138) discloses using control procedures to minimize risk and 
weighted scores. 

Helzerman (U.S. 6,901,372) teaches potential failures and developing procedure to adjust 
potential failures using a control plan. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Beth Van Doren whose telephone number is (571) 272-6737. 
The examiner can normally be reached on M-F, 8:30-5:00. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Tariq Hafiz can be reached on (571) 272-6729. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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